Info of 2.4 million Carphone Warehouse customers stolen
Personal and financial information of 2.4 million customers of British mobile phone retailer Carphone Warehouse have likely been compromised in a breach, along with encrypted credit card details of around 90,000 of them.
Carphone Warehouse, which operates over 2,400 stores across Europe and several websites that provide services for its customers and those of its subsidiaries like TalkTalk telecom, has notified the public about the compromise on Saturday, August, 8.
The attack was actually spotted three days earlier. According to this FAQ file by TalkTalk, their and other sites operated by Carphone Warehouse have been subjected to a DDoS attack, and ultimately the attackers accessed customer databases. How did they manage to do this is still unknown.
The sites affected are the following: OneStopPhoneShop.com, e2save.com and Mobiles.co.uk.
They were taken offline, and Carphone Warehouse has called in outside cybersecurity experts to help with the investigation. In the meantime, they have also notified the UK Information Commissioner’s Office (ICO), which is also involved in the investigation.
The compromised data includes customers’ name, marital status, date of birth, addresses (current and previous), phone numbers, email address, bank details, occupational details, and website account login credentials.
Affected users have been urged to change their passwords, and to be on the lookout for possible phishing attempts using the stolen information. They have also been advised to notify their bank and credit card company, so that they can monitor their account for unusual activity.